www.liberterra.com

Sometimes during a wireshark or sniffer network capture you will come across communication where the windows system will use Basic Authorization to authenticate to the windows domain. This often looks like "Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=". This happens to be authentication to a proxy server.

Here is a simple command line perl to decode the base64 encoded username and password:

perl -e 'use MIME::Base64; $data = decode_base64("dXNlcm5hbWU6cGFzc3dvcmQ="); print "Encoded $data\n";'

And if for some reason you want to do a base64 encoding:

perl -e 'use MIME::Base64; $data = encode_base64("username:password"); print "Encoded $data\n";'
Encoded dXNlcm5hbWU6cGFzc3dvcmQ=

Getting ready to head out to Kansas City Startup Weekend. This is my first time attending a startup weekend event, but I am excited about the experience.

Kansas City Startup Weekend

From the Startup Weekend Website:

"It’s an experience unlike any conference you’ve attended before. Over the course of a single weekend, you get to take time out from your current venture/business and practice building a new one. Think of it like time off the field.

Most ventures fail on Monday morning, which isn’t the point. The point is, you learn new skills, processes, coding frameworks, legal jargon, business practices, spread sheet programs, etc that you can bring back to your current venture. Startup Weekend is a weekend warrior event where anything goes, and practice is implied. You’re not judged (unless you judge) and learning is paramount."

The Metasploit creator HD Moore is releasing a software tool, WarVOX, that makes the process of war-dialing very easy using a VOIP provider. WarVOX has the ability to dial 10,000 phone numbers per hour.

Read the DarkReading article about WarVox here.

Find out how to get and install WarVox here

If you use one of these tools (DyanWeb FreeGate, GPass or FirePhoenix) and you want to use a service that does not sell user data then I have the answer for you. I have created a secure proxy (encrypted from your location to my proxy server) that bypasses the 'Chinese Firewall' and most corporate proxy servers/firewalls.

Send me an email at daryl(at)liberterra(dot)com for more information on my secure proxy service. Or if you know you want it subscribe here and I will send you the proxy client and instructions (a small $5 fee will apply for every month of usage).

If you just want to read more information about Filter Circumvention by some Chinese and others you can read it here at Rebecca McKinnons, RConversation website or Hal Roberts website.

In OpenSSH to create a local port that forwards to a remote port without creating a connection to the shell.

ssh -N -l johndoe -i .ssh/id_dsa -L45432:0.0.0.0:5432 191.168.1.1

The above command uses the identity file id_dsa and creates a local port 45432 that forwards to the remote system on port 5432 (postgres).

This will allow the local client to connect with postgres on local port 45432 and run queries against the remote database over the encrypted SSH tunnel. This is a very secure method for database connectivity.

To create an identity file:

ssh-keygen -t dsa -b 2048

Do not enter a password if you are going to use this to connect without user interaction. If you do this you must keep the key protected.

Once you have the keys take the public key (id_dsa.pub) and add it to the authorized_keys file of the user you are connecting as:

For instance if the user is johndoe on the remote system go to johndoe's home directory, something like /home/johndoe and then to the .ssh directory ( /home/johndoe/.ssh ) and add the id_dsa.pub key to the end of the authorized_keys file. If the file does not exist create it and add the key on the end. They key is only one line so make sure that it doesn't span more than one line.

Make sure to make the file read/write only for the owner: chmod 600 authorized_keys

Now you can log in or use the above command to create a local port to tunnel to a remote port.

Of course to log in: ssh -l johndoe -i /home/johndoe/.ssh/id_dsa 192.168.1.1

To use the Secure Proxy you will have to have a User ID and password assigned to you. Click on this subscription button and a User ID and password will be sent to you along with the secure proxy java client and directions on how to use the secure proxy.

Please allow 24 Hours for the user ID and password to be sent to you.

Click Here for full article: Wireless Security: A Partial Glossary of Wireless Security Terms

• WEP (Wired Equivalent Privacy)—The old, original, now discredited wireless security standard. Easily cracked.
• WEP 40/128-bit key, WEP 128-bit Passphrase—See WEP. The user key for WEP is generally either 40- or 128-bit, and generally has to be supplied as a hexadecimal string.
• WPA, WPA1—Wi-Fi Protected Access. The initial version of WPA, sometimes called WPA1, is essentially a brand name for TKIP. TKIP was chosen as an interim standard because it could be implemented on WEP hardware with just a firmware upgrade.
• WPA2—The trade name for an implementation of the 802.11i standard, including AES and CCMP.
• TKIP—Temporal Key Integrity Protocol. The replacement encryption system for WEP. Several features were added to make keys more secure than they were under WEP.
• AES—Advanced Encryption Standard. This is now the preferred encryption method, replacing the old TKIP. AES is implemented in WPA2/802.11i.
• Dynamic WEP (802.1x)—When the WEP key/passphrase is entered by a key management service. WEP as such did not support dynamic keys until the advent of TKIP and CCMP.
• EAP—Extensible Authentication Protocol. A standard authentication framework. EAP supplies common functions and a negotiation mechanism, but not a specific authentication method. Currently there are about 40 different methods implemented for EAP. See WPA Enterprise.
• 802.1x, IEEE8021X—The IEEE family of standards for authentication on networks. In this context, the term is hopelessly ambiguous.
• LEAP, 802.1x EAP (Cisco LEAP)—(Lightweight Extensible Authentication Protocol) A proprietary method of wireless LAN authentication developed by Cisco Systems. Supports dynamic WEP, RADIUS and frequent reauthentication.
• WPA-PSK, WPA-Preshared Key—Use of a shared key, meaning one manually set and manually managed. Does not scale with a large network either for manageability or security, but needs no external key management system.
• RADIUS—Remote Authentication Dial In User Service. A very old protocol for centralizing authentication and authorization management. The RADIUS server acts as a remote service for these functions.
• WPA Enterprise, WPA2 Enterprise—A trade name for a set of EAP types. Products certified as WPA Enterprise or WPA2 Enterprise will interoperate. The included types are:
• EAP-TLS
• 
  EAP-TTLS/MSCHAPv2
• PEAPv0/EAP-MSCHAPv2
• PEAPv1/EAP-GTC
• EAP-SIM
• WPA-Personal, WPA2-Personal—See Pre-Shared Key.
• WPA2-Mixed—Support for both WPA1 and WPA2 on the same access point.
• authentication algorithms: OPEN, SHARED and LEAP—OPEN in this context meant no authentication; the network was open to all. SHARED refers to preshared key. for LEAP see LEAP.

Get csv output of source and destination IP addresses from a pcap (wireshark or tcpdump) capture file.

tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst

Creates a file similar to:


192.168.1.105,192.168.1.120
192.168.1.105,192.168.1.120
192.168.1.120,192.168.1.105
192.168.1.120,192.168.1.105
72.14.247.83,192.168.1.105
192.168.1.105,72.14.247.83
72.14.247.19,192.168.1.105
192.168.1.105,72.14.247.19
192.168.1.105,74.53.76.3
74.53.76.3,192.168.1.105
192.168.1.105,72.14.247.83
72.14.247.83,192.168.1.105


Then if you have afterglow installed you can create a visualization of the source and destination information by doing the following:

(from the $HOME/afterglow/src/perl/graph directory)

tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst | perl afterglow.pl -c color.properties > file.dot


This creates a filter of the data for drawing a direct graph using neato.

Now using neato create a gif file to display a visualization of the data.


neato -Tgif -o test.gif ./file.dot


Click here to see an example of the test.gif file created from the above command.

Check it out. Amazon is now selling the HP 2133 for $299.

Click Link Below

HP 2133-KR922UT 8.9-Inch Mini-Note PC (C7-M 1.0 GHz Processor, 512 MB RAM, 4 GB Flash Drive, Linux)

If you are an american and you care about your country and your money. Then find out who is your nemesis, The Federal Reserve. But don't take my word for it. Watch the following video and see for yourself:

http://www.youtube.com/watch?v=iYZM58dulPE

And for more information

http://www.apfn.org/apfn/reserve.htm